security

Linux 2.6.11.10 has been released, which fixes two locally exploitable security issues. Another similar bug was fixed recently in 2.6.11.9.
Every Linux box with local users should be upgraded ASAP. My laptop is already compiling away happily (although I'm the only one who has an account on it of course, but you never know)...

As some of you might have noticed, I started to sign all my emails with my GPG key a few days ago. I've known for quite a while that this is good practice, but I just didn't get around to actually doing it. Until now.

Technically, I simply added set pgp_autosign to my .muttrc, and that's it. Now mutt asks me for my passphrase upon every email I try to send and then signs it.

So... if you should receive any funny email from "me" sometime and it's not signed, it's most probably not an email from me but either someone trying to fuck with me, spam, a virus, a trojan, a phishing mail or any other scum you can imagine.
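The rule of thumb above (unsigned mail that claims to come from a sender who always signs is suspect) can be turned into a mail-triage check. This is an added example, not code from the original post; the address author@example.org, the function names and the sample messages are constructed for illustration.

```python
import email
from email import policy
from email.utils import parseaddr

def signature_kind(msg):
    """Classify by structure only: 'pgp-mime' (RFC 3156), 'inline' or 'none'."""
    proto = (msg.get_param("protocol") or "").lower()
    if msg.get_content_type() == "multipart/signed" and proto == "application/pgp-signature":
        parts = msg.get_payload()
        if (isinstance(parts, list) and len(parts) == 2
                and parts[1].get_content_type() == "application/pgp-signature"):
            return "pgp-mime"
        return "none"  # malformed multipart/signed: treat as unsigned
    for part in msg.walk():
        if part.get_content_type() == "text/plain":
            text = part.get_content()
            if (text.lstrip().startswith("-----BEGIN PGP SIGNED MESSAGE-----")
                    and "-----BEGIN PGP SIGNATURE-----" in text):
                return "inline"
    return "none"

def triage(raw, signing_sender):
    """Return (kind, verdict) for mail claiming a sender who always signs."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    claimed = parseaddr(str(msg.get("From", "")))[1].lower()
    kind = signature_kind(msg)
    if claimed != signing_sender.lower():
        return kind, "other-sender"
    # A signature block only means "go verify it" (gpg --verify against the known
    # key). Structure proves nothing, and the From/Subject headers are not signed.
    return kind, ("verify-with-gpg" if kind != "none" else "suspicious-unsigned")

# Constructed sample messages; the signature blocks are placeholders, not real signatures.
HDR = b"From: Author <author@example.org>\nTo: reader@example.org\nSubject: hi\n"
SIGNED_MIME = HDR + (
    b'Content-Type: multipart/signed; micalg=pgp-sha1;\n'
    b' protocol="application/pgp-signature"; boundary="b1"\n\n'
    b'--b1\nContent-Type: text/plain\n\nSigned body.\n\n'
    b'--b1\nContent-Type: application/pgp-signature\n\n'
    b'-----BEGIN PGP SIGNATURE-----\n(placeholder)\n-----END PGP SIGNATURE-----\n'
    b'--b1--\n')
SIGNED_INLINE = HDR + (b"\n-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nBody.\n"
    b"-----BEGIN PGP SIGNATURE-----\n(placeholder)\n-----END PGP SIGNATURE-----\n")
UNSIGNED = HDR + b"\nPlease open the attached invoice.\n"

if __name__ == "__main__":
    for name, raw in [("mime", SIGNED_MIME), ("inline", SIGNED_INLINE), ("unsigned", UNSIGNED)]:
        print(name, triage(raw, "author@example.org"))
```

A message that reaches "verify-with-gpg" still has to pass an actual signature check against the sender's known key before it is trusted.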

Is it time to worry when security professionals consider you too paranoid?

I consider myself quite security-aware (or paranoid, as you like), too, but some of Mark Burnett's measures are really quite extreme. For example:

"I require my kids to use at least 14 character passwords on our home network and I'm considering issuing them smart cards. [...] I don't just throw out shredded documents; I spread the shredded bits into my garden to use as mulch."

However, I really agree with him on this issue: "There's no need to analyze the threat of every situation. Just practice strong security always and you should be okay". I couldn't have said this any better.

There's a text transcript of the last part of the lecture, which (among other stuff) says:

"I am tied up all this afternoon; I am out of town all of next week. You have until 11:55 to return the computer, and whatever copies you've made, to my office, because I'm the only hope you've got of staying out of deeper trouble than you or any student I've ever known has ever been in."

There's lots of discussion going on right now about this. One reader of Joe Grossberg's blog is a bit sceptical (to say the least) that all of what the prof said is true, but still, I'm sure this scared the shit out of the guy who stole the laptop...